What is a Whistleblowing Policy?

Whistleblowing involves the reporting of wrongdoing that has, or could, negatively impact the public. Whistleblowers are workers and the misconduct is typically witnessed at work. A whistleblowing policy outlines an organisation’s stance on whistleblowing and offers instruction to workers who are considering blowing the whistle. The law does not demand that employers have a whistleblowing policy, but it is good practice to have one in place. Cultivating an open, honest and transparent working environment helps to protect both your organisation and your customers. It is widely appreciated that a large proportion of workers are scared to blow the whistle. Concerns are predominantly around the fear of persecution from team members and nothing being done to address their worries. Education and demonstration that whistleblowers will be treated with the respect they deserve allows you to combat these anxieties.

What is Whistleblowing?

Whistleblowing is where workers pass on information about wrongdoing, normally discovered at work. In order to count as whistleblowing two criteria must be fulfilled. Firstly, the disclosure must be in the public interest, and secondly, it must fall into one of the following categories:

  • Criminal offence
  • Failure to comply with legal obligations
  • Miscarriage of justice
  • Risks to someone’s health and safety
  • Real or potential damage to the environment
  • Belief that someone is covering up wrongdoing

What Should a Whistleblowing Policy Contain?

Whistleblowing policies will differ between organisations, largely dictated by the organisation’s size and nature. For example, large businesses may train managers so that employees can contact their managers directly with any concerns. However, it is unlikely that smaller businesses will have adequate resources to facilitate this system. Here is a basic outline explaining what a good whistleblowing policy should cover:

  • An explanation of whistleblowing, how it relates to your organisation and the benefits of blowing the whistle.
  • An outline of your whistleblowing procedure.
  • Expressed commitment to train all workers in whistleblowing.
  • Commitment to treat all disclosures fairly and maintain confidentiality when requested to do so.
  • A statement clarifying that “gagging clauses” do not prevent whistleblowing.
  • A realistic prediction of the information a whistleblower can expect to receive and a timescale for processing their complaint.
  • A description of the limitations of remaining anonymous, i.e. lack of progress updates and not being contacted for further information.
  • Emphasis on the fact that whistleblower victimisation will not be tolerated.
  • Insistence that whistleblowers need not supply evidence in order for their concern to be investigated.
  • Signposting towards information and advice for those considering whistleblowing.
  • Information specifying the prescribed person for whistleblowing complaints.

Additionally, employees often confuse personal grievances with complaints that are in the public interest. Your whistleblowing policy should explain the differences between whistleblowing and personal grievances. Organisations that recognise a trade union sometimes produce a whistleblowing policy in consultation with them.

How Can a Whistleblowing Policy be Made Available?

Having a readily accessible whistleblowing policy encourages workers to escalate their concerns. However, even a good whistleblowing policy is redundant if there is no awareness generated around it. Written policies are insufficient and simply delivering a one-off push on publicising the policy is not enough. Staff should regularly be reminded of its importance and the policy should be flagged to any newcomers. Thorough and regular staff training assists in generating awareness, understanding and acceptance of a whistleblowing culture.

The Importance of a Whistleblowing Culture

Within your organisation, it is highly likely that workers will be the first to witness any wrongdoing. Generating a whistleblowing culture means that these concerns will be brought to your attention and risks can be mitigated accordingly. As expressed above, training all workers in whistleblowing is good practice and protects your organisation against fraud and misconduct. Education is the key in generating awareness and acceptance of a whistleblowing culture. Furthermore, good whistleblowing policies and procedures encourage workers to make their disclosure to your organisation directly, rather than to an external party. This allows you to address and rectify issues internally and choose whether to escalate the matter.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.